Nmap
Scan Summary :
| severity | service | vulnerability |
info | http (port:80) | |
info | http (port:443) | |
info | http (port:8080) | |
info | http (port:8443) |
Mozilla HTTP observatory
Scan Summary :
| Impact | Description | Documentation |
| Subresource Integrity (SRI) not implemented, and external scripts are loaded over HTTP or use protocol-relative URLs via src="//..." | Doc Subresource Integrity. | |
| Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. | Doc Content Security Policy. L'extension github.com/april/laboratory permet de générer la CSP pour votre application. | |
| Cookies set without using the Secure flag or set over HTTP | OWASP Session Management Cheat Sheet. | |
| HTTP Strict Transport Security (HSTS) header set to less than six months (15768000) | Doc header Strict-Transport-Security (HSTS). |
SSL
Scan Summary :
Grade capped to A. HSTS max-age is too short
Expiration : 13/06/2024
Nuclei
| Séverité | Name | Matcher |
unknown | Credentials Disclosure Check | credentials-disclosure |
info | DNS SaaS Service Detection | dns-saas-service-detection |
info | CAA Record | caa-fingerprint |
info | DOM EventListener - Cross-Site Scripting | addeventlistener-detect |
info | XSS-Protection Header - Cross-Site Scripting | xss-deprecated-header |
info | Form Detection | form-detection |
info | HTTP Missing Security Headers | permissions-policy |
info | HTTP Missing Security Headers | referrer-policy |
info | HTTP Missing Security Headers | clear-site-data |
info | HTTP Missing Security Headers | cross-origin-embedder-policy |
info | HTTP Missing Security Headers | cross-origin-opener-policy |
info | HTTP Missing Security Headers | cross-origin-resource-policy |
info | Wappalyzer Technology Detection | google-tag-manager |
info | Wappalyzer Technology Detection | cloudflare |
info | robots.txt endpoint prober | robots-txt-endpoint |
info | robots.txt file | robots-txt |
info | Sitemap Detection | sitemap-detect |
info | Missing Subresource Integrity | missing-sri |
info | WAF Detection | cloudfront |
info | WAF Detection | cloudflare |
info | Detect SSL Certificate Issuer | ssl-issuer |
info | SSL DNS Names | ssl-dns-names |
info | TLS Version - Detect | tls-version |
info | TLS Version - Detect | tls-version |
